Re: Security Groups implementation

Suryanarayanan, Aswin <aswin.suryanarayanan@...>

Hi Vishal,

Yes we are working on the provider in the net-virt. Neutron part is done , but we have to port it to MD-SAL.

Currently we are working with stateless use cases and trying to achieve openstack parity for that. As I understand 0VS 2.4 may support conn-track capabilities, we may have to wait for this to achieve the stateful use cases.


Date: Thu, 9 Jul 2015 06:12:42 +0000
From: Vishal Thapar <vishal.thapar@...>
To: "neutron-dev@..."
"ovsdb-dev@..." <ovsdb-dev@...>
Subject: [ovsdb-dev] Security Groups implementation
Content-Type: text/plain; charset="us-ascii"


I was looking for some information on the SG implementation in ODL. My understanding is that the provider in net-virt is in progress while NeutronNorthbound part of it is complete. Is this correct?

I was working with Amir on OVS Firewall during Icehouse/Juno before it got pushed back till conntrack support was available in OVS. My question is about the ODL implementation in-progress now, is it based off conntrack, or does it use one of the earlier approaches [TCP flags or Learn]?

I didn't find anything in wiki outlining the design of SG implementation. Could anyone shed any light on these?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>


Join { to automatically receive all group messages.